On Thu, 2017-11-16 at 11:26 -0500, John Lewis wrote:
I want to have one account for modifying both a LDAP directory and a Mediawiki. What tactic would you you use to do it?
I'm not sure this is a tough issue: the access controls are seperate in these cases.
On one hand from the LDAP directory management side, you only need the ACI/ACL's in place on the config/tree that would allow writes to appropriate locations. There is plenty of docs on aci/acl placement and construction for this.
From the mediawiki side, you can search users and use an ldap backend
to do password checks (binds) and then use groups to provide authorization control as to "who" can access the wiki.
I hope that helps you,